Avoid possible sensitive information disclosure via cache.file

Previously cache.file could be created world readable leading to
possible sensitive information disclosure on multi-user systems.
Restrict permissions only to the owner by creating an empty file.

Please note that cache.file created before this commit may need a
`chmod 600' or similar!
pull/373/head
Leonardo Taccari 5 years ago committed by Mike Fährmann
parent 2153206093
commit afce1ee1eb
No known key found for this signature in database
GPG Key ID: 5680CA389D365A88

@ -9,6 +9,7 @@
"""Decorators to keep function results in an in-memory and database cache"""
import sqlite3
import pathlib
import pickle
import time
import functools
@ -198,7 +199,9 @@ def _path():
try:
dbfile = _path()
pathlib.Path(dbfile).touch(mode=0o600)
DatabaseCacheDecorator.db = sqlite3.connect(
_path(), timeout=30, check_same_thread=False)
except (TypeError, sqlite3.OperationalError):
dbfile, timeout=30, check_same_thread=False)
except (PermissionError, TypeError, sqlite3.OperationalError):
cache = memcache # noqa: F811
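Review bot: The widened `except` adds only `PermissionError`, so any other `OSError` raised by `pathlib.Path(dbfile).touch(mode=0o600)` (for example `FileNotFoundError` when the parent directory does not exist) would now propagate instead of falling back to `memcache`. Before this change a failing `sqlite3.connect()` surfaced as `sqlite3.OperationalError`, which was caught. Catching the base class keeps the fallback: `except (OSError, TypeError, sqlite3.OperationalError):`. `touch()` applies `mode` only when it creates the file, so a comment such as `# mode applies to newly created files only; existing cache files keep their permissions` above the call would record the limitation the commit message mentions. The `try` sits at module level and its surroundings are outside the hunk, so this should be checked against the full file.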
